《open trusted health informatics structure》由会员分享,可在线阅读,更多相关《open trusted health informatics structure(10页珍藏版)》请在金锄头文库上搜索。
1、Open Trusted Health Informatics Structure (OTHIS) Vicky Liu, William Caelli, Lauren May and Peter Croll Faculty of Information Technology encryption and decryption services at an appropriate level of granularity (“selective field encryption”); etc. Provision of any compatibility requirements for the
2、 operating systems on the computers connected via the OSI scheme, and Proc. 2nd Australasian Workshop on Health Data and Knowledge Management (HDKM 2008), Wollongong, Australia35 Encapsulation of application level data into appropriate blocks needed for transmission. 1.1 Security Goals for the Healt
3、h Sector The security goals for the health sector incorporate data management and control as a fundamental requirement. Indeed it is the protection of so-called “data at rest” that may be considered, from experience over the last five years or so, to be the single major security factor in the protec
4、tion of health information systems. The issues of security and privacy of data in transit have been largely solved through the use of advanced cryptographic processes and procedures. Factors such as cryptographic key management with associated data communications protocols and message formats, such
5、as those involved in the widely used and accepted “link-level encryption” based Secure Sockets Layer (SSL)2/Transport Layer Security (TLS)3 scheme, have been incorporated into such processes. These goals, for example, have been clearly defined in the statement of mission of Australias NEHTA4 as foll
6、ows: Improving the quality of healthcare services, by enabling authorised clinicians to access a patients integrated healthcare information and history, directly sourced from clinical notes, test results and prescriptions using standardised clinical data formats and terminologies. Streamlining multi
7、-disciplinary care management, enabling seamless handovers of care by ensuring efficient electronic referrals; authorised access to up-to-date clinical opinions and patient healthcare histories via shared patient health records; and fast, secure mechanisms for directly exchanging important notificat
8、ions between healthcare providers. Improving clinical and administrative efficiency, by standardising certain types of healthcare information to be recorded in eHealth systems; uniquely identifying patients, healthcare providers and medical products; and reforming the purchasing process for medical
9、products. Maintaining high standards of patient privacy and information security. Requirements 1 and 4 of these NEHTA statements clearly emphasise the importance of creating a complete, usable and implementable security architecture for HIS on an end-to-end basis. Moreover, NEHTA also recognises tha
10、t 2 SSL, designed by Netscape, is a commonly used protocol for endpoint authentication and communications privacy using cryptography on the Internet http:/en.wikipedia.org/wiki/Secure_Sockets_Layer accessed 2/09/2007. 3 TLS, designed by IETF, is a non-proprietary protocol. It is derived from SSL and
11、 is almost identical to SSLv3. http:/en.wikipedia.org/wiki/Transport_Layer_Security accessed 2/09/2007. 4 NEHTA (National E-Health Transition Authority) was established by Australias Federal Government in 2005 to oversee the introduction of a system of national electronic health records. privacy per
12、ceptions of the Australian community play a major role in ensuring the success of e-health systems (NEHTA 2006). These factors are similarly emphasised in the USA through that countrys 1996 HIPAA (Health Insurance Portability and Accountability Act), issued by the USAs. Department of Health and Huma
13、n Services (CMS 2004). The USA government intends to reform its national healthcare system with the goal of improving the effectiveness and efficiency of healthcare operations whilst assuring that health information remains private and secure. Achieving the security goals for HIS is a critical facto
14、r in the successful implementation of e- health initiatives. 1.2 Scope and Assumptions The theme of this paper is in alignment with a number of specified topics within the scope of the conference including architecture of health information systems, privacy protection and the overall security/assura
15、nce of health systems. Appropriate data security management involves the protection of such data in storage, during processing and when transmitted. The proposed OTHIS structure addresses all of these areas. This paper focuses on the security and protection of data in storage or under processing par
16、ts of the OTHIS overall structure. Our architecture assumes that the basic hardware and operating systems of all connected nodes in a healthcare information systems network are trusted and secure. We submitted that any such computer systems participating in an HIS must conform to the “Labelled Security Protection Profile (LSPP)” of the internationally accepted information systems security e
